Debian Bug : 1001062 1021659
Multiple vulnerabilties have been found in freelrdp2, a free implementation of the Remote Desktop Protocol (RDP). The vulnerabilties potentially allows authentication bypasses on configuration errors, buffer overreads, DoS vectors, buffer overflows or accessing files outside of a shared directory.
0width/height or out of bound rectangles to trigger out of bound writes. With
0width or heigth the memory allocation will be
0but the missing bounds checks allow writing to the pointer at this (not allocated) region.
SAMfile might be successful for invalid credentials if the server has configured an invalid
SAMfile path. FreeRDP based clients are not affected. RDP server implementations using FreeRDP to authenticate against a
SAMfile are affected. Version 2.7.0 contains a fix for this issue. As a workaround, use custom authentication via
HashCallbackand/or ensure the
SAMdatabase path configured is valid and the application has file handles left.
/parallelcommand line switch might read uninitialized data and send it to the server the client is currently connected to. FreeRDP based server implementations are not affected.
/videocommand line switch might read uninitialized data, decode it as audio/video and display the result. FreeRDP based server implementations are not affected.
urbdrcchannel. A malicious server can trick a FreeRDP based client to crash with division by zero.
urbdrcchannel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server.
drivechannel. A malicious server can trick a FreeRDP based client to read files outside the shared directory.
drivechannel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server.
For Debian 10 buster, these problems have been fixed in version 2.3.0+dfsg1-2+deb10u4.
We recommend that you upgrade your freerdp2 packages.
For the detailed security status of freerdp2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/freerdp2
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS